question Re: NIFi : Consume AMQP with SSL StandardSSLContextService in Support Questions

NIFi : Consume AMQP with SSL StandardSSLContextService

ravi_tadepally — Wed, 05 Jan 2022 22:39:38 GMT

Hi,

I am currently new to NIFI and have been working on a project that requires communicating to a secured RabbitMQ server to consume data. To make an SSL handshake I am using StandardSSLContextService controller service by adding the required Truststore information.

And the Truststore actually contains the client certificate to communicate to RabbitMQ server from NIFI.

But I am facing the below issue while running the ConsumeAMQP processor.

17:36:40 UTC ERROR nifi.svc.cluster.local:9443 ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Failed to initialize AMQP client: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

causes: com.rabbitmq.client.ShutdownSignalException: connection error

causes: java.io.IOException

causes: java.lang.IllegalStateException: Failed to establish connection with AMQP Broker: com.rabbitmq.client.ConnectionFactory@72bc5297

17:36:40 UTCERROR76fe890c-4c44-3a3e-933b-4f4e5c4e4539 nifi.svc.cluster.local:9443ConsumeAMQP[id=76fe890c-4c44-3a3e-933b-4f4e5c4e4539] Connection lost to server localhost:5672

.: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

I would really appreciate if someone can guide me to the right direction on how to set the standard ssl context service to make this working.

Thanks in advance.

Re: NIFi : Consume AMQP with SSL StandardSSLContextService

linuraj — Thu, 06 Jan 2022 23:28:56 GMT

Hello Team,

We face the same problem as well. Appreciate your help!

Re: NIFi : Consume AMQP with SSL StandardSSLContextService

AlinaGareeva — Thu, 07 Apr 2022 13:16:24 GMT

Faced a similar problem, the same error occurred, I was helped (oddly enough) by duplicating the certificate in the user's root folder - from where the command was launched
/home/{user}/

Re: NIFi : Consume AMQP with SSL StandardSSLContextService

ckumar — Thu, 07 Apr 2022 16:17:39 GMT

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_required

is very generic error for SSL and can cause due to multiple factors such as

1. TLS version mismatch -->TLS version can be changed with StandardSSLContextService

2. Incompatible cipher suites in use by the client and the server --> This can be due to Java version in use by NiFi and Active MQ server and can be checked if there are any specific cipher is set at Active MQ following file needs to be reviewed jre/lib/security/java.security

3. How client certificate obtained and imported in truststore file which is configured under StandardSSLContextService--> You can use SSLPoke to verify connectivity outside of NiFi using same truststore file to makesure if the certificate is fine.

Thank you.

Re: NIFi : Consume AMQP with SSL StandardSSLContextService

araujo — Fri, 08 Apr 2022 11:17:48 GMT

@ravi_tadepally ,

Is your RabbitMQ configured to require TLS Mutual Authentication (or Client Authentication)? If so, you must also provide a keystore in the SSL Context in NiFi, besides the truststore.

Cheers,

André